A patient lies in a hospital bed waiting for a medical professional to conduct a blood gas analysis. Little does the patient know that his personal information is also undergoing a procedure.
The database that stores patient data was found unencrypted, default passwords were used, and the nature of the exploit was basic, according to TrapX Security, which was called in later to recreate and diagnose the issues at the unnamed hospital. The technology research company recently released its findings in a report called “Anatomy of an Attack – Medical Device Hijack (MEDJACK)”. The security company declined to name the three hospitals it examined, except to say they were located in the Western and Northeastern U.S.
Source: NW Security 1